# Excerpt from the middle of a larger routine: `entry`, `k`, `v`, `subkey` and
# `self` are defined by code that is not part of this excerpt.
# Move the value stored under key `k` to key `v`, keeping it only when truthy.
content = entry.pop(k, None)
if content:
entry[v] = content
# Drop the first four characters of the stored hash / identifier strings.
# NOTE(review): the slice is unconditional; nothing here checks what those four
# characters are, so a malformed value is shortened silently. Presumably a
# fixed-width prefix, to be confirmed before the result is used for hash matching.
if 'sha1' in entry:
entry['sha1'] = entry['sha1'][4:]
if 'file_id' in entry:
entry['file_id'] = entry['file_id'][4:]
# Fall back to the file id when no sha1 was recorded.
# NOTE(review): indentation is lost in this excerpt. If this check is not nested
# under the 'file_id' test above, it raises KeyError when both keys are absent.
if 'sha1' not in entry:
entry['sha1'] = entry['file_id']
if 'program_id' in entry:
entry['program_id'] = entry['program_id'][4:]
# The entry timestamp is the last-modified time from the subkey header.
entry['timestamp'] = convert_wintime(subkey.header.last_modified, as_json=self.as_json)
# A string size is parsed as hexadecimal; any other type is kept unchanged.
# int(..., 16) raises ValueError if the string is not valid hex.
if 'size' in entry:
entry['size'] = int(entry['size'], 16) if isinstance(entry['size'], str) else entry['size']
# Coerce the two flags to bool only when they are present (not None).
is_pefile = entry.get('is_pe_file')
if is_pefile is not None:
entry['is_pe_file'] = bool(is_pefile)
is_os_component = entry.get('is_os_component')
if is_os_component is not None:
entry['is_os_component'] = bool(is_os_component)
# A link_date equal to 0 is removed from the entry rather than reported.
if entry.get('link_date') == 0:
entry.pop('link_date')
# The excerpt ends at the loop header; the loop body is not shown here.
for ts_field_name in WIN8_TS_FIELDS:
# Append one entry to self.entries for every subkey found under `subkey_path`.
# When the key does not exist, the exception is logged and nothing is appended.
# (This excerpt is cut before the closing brackets of the append call.)
def _get_installed_software(self, subkey_path):
try:
uninstall_sk = self.registry_hive.get_key(subkey_path)
except RegistryKeyNotFoundException as ex:
logger.error(ex)
return
for installed_program in uninstall_sk.iter_subkeys():
# Map every value of the subkey to {underscore(name): value}; a subkey
# without values (values_count is falsy) yields an empty dict.
values = {underscore(x.name): x.value for x in
installed_program.iter_values(as_json=self.as_json)} if installed_program.values_count else {}
self.entries.append({
'service_name': installed_program.name,
'timestamp': convert_wintime(installed_program.header.last_modified, as_json=self.as_json),
'registry_path': subkey_path,
# NOTE(review): **values is unpacked last, so a registry value whose
# underscored name is 'service_name', 'timestamp' or 'registry_path'
# replaces the field set above. The values come from the hive being
# examined; confirm that this override is acceptable for the output.
**values
def get_timestamp_for_subkeys(registry_hive, subkey_list):
    """Lazily yield ``(subkey_path, last_modified)`` for each path in *subkey_list*.

    Every path is resolved with ``registry_hive.get_key`` and the key header's
    ``last_modified`` field is passed to ``convert_wintime`` with
    ``as_json=True``.  Nothing is caught here, so an exception raised by
    ``get_key`` surfaces while the generator is being consumed.
    """
    for path in subkey_list:
        last_modified = registry_hive.get_key(path).header.last_modified
        yield path, convert_wintime(last_modified, as_json=True)
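def run(self):
    """Collect the ``ComputerName`` value from every control set in the hive.

    For each key path returned by ``get_control_sets(COMPUTER_NAME_PATH)``, an
    entry holding the ``ComputerName`` value and the key's last-modified time
    is appended to ``self.entries``.  A key without that value is skipped.
    """
    logger.info('Started Computer Name Plugin...')
    for subkey_path in self.registry_hive.get_control_sets(COMPUTER_NAME_PATH):
        subkey = self.registry_hive.get_key(subkey_path)
        try:
            # Only the value lookup is expected to raise the handled exception.
            name = subkey.get_value('ComputerName', as_json=self.as_json)
        except RegistryValueNotFoundException:
            # Leave a trace of the gap instead of skipping silently, so a
            # missing name can be told apart from a key that was never visited.
            logger.debug('ComputerName value not found in %s', subkey_path)
            continue
        self.entries.append({
            'name': name,
            'timestamp': convert_wintime(subkey.header.last_modified, as_json=self.as_json),
        })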
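def run(self):
    """Collect one entry per subkey of ``PROFILE_LIST_KEY_PATH``.

    Each subkey is appended to ``self.entries`` with its name as ``sid``, its
    last-modified time as ``last_write``, the ``ProfileImagePath``, ``Flags``,
    ``FullProfile`` and ``State`` values, and two load times built from their
    low/high value pairs with ``convert_filetime``.

    When the profile-list key is absent from the hive, the exception is logged
    and the method returns without adding any entry.
    """
    logger.info('Started profile list plugin...')
    try:
        subkey = self.registry_hive.get_key(PROFILE_LIST_KEY_PATH)
    except RegistryKeyNotFoundException as ex:
        logger.error(ex)
        # Stop here: `subkey` was never bound, so falling through to the loop
        # would raise UnboundLocalError and abort the plugin with a misleading
        # error instead of the logged "key not found".
        return

    for profile in subkey.iter_subkeys():
        # NOTE(review): the values below are read without as_json, unlike
        # last_write. Confirm that this is intended for JSON output.
        self.entries.append({
            'last_write': convert_wintime(profile.header.last_modified, as_json=self.as_json),
            'path': profile.get_value('ProfileImagePath'),
            'flags': profile.get_value('Flags'),
            'full_profile': profile.get_value('FullProfile'),
            'state': profile.get_value('State'),
            'sid': profile.name,
            'load_time': convert_filetime(
                profile.get_value('ProfileLoadTimeLow'),
                profile.get_value('ProfileLoadTimeHigh'),
            ),
            'local_load_time': convert_filetime(
                profile.get_value('LocalProfileLoadTimeLow'),
                profile.get_value('LocalProfileLoadTimeHigh'),
            ),
        })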
# Walk the subkeys of `subkey_path` and append one dict per subkey to
# self.entries. A missing key is logged through logger.error and the method
# returns early. (The excerpt stops before the append call is closed.)
def _get_installed_software(self, subkey_path):
try:
uninstall_sk = self.registry_hive.get_key(subkey_path)
except RegistryKeyNotFoundException as ex:
logger.error(ex)
return
for installed_program in uninstall_sk.iter_subkeys():
# Build {underscore(value name): value} for the subkey, or {} when
# values_count is falsy.
values = {underscore(x.name): x.value for x in
installed_program.iter_values(as_json=self.as_json)} if installed_program.values_count else {}
self.entries.append({
'service_name': installed_program.name,
'timestamp': convert_wintime(installed_program.header.last_modified, as_json=self.as_json),
'registry_path': subkey_path,
# NOTE(review): because **values comes last, hive-supplied value names that
# underscore to 'service_name', 'timestamp' or 'registry_path' overwrite the
# fields computed above. Verify that downstream consumers expect this.
**values
# Excerpt from the middle of a larger routine: `entry` and `self` are defined
# by code that is not part of this excerpt.
# Coerce the two flags to bool only when they are present (not None).
is_pefile = entry.get('is_pe_file')
if is_pefile is not None:
entry['is_pe_file'] = bool(is_pefile)
is_os_component = entry.get('is_os_component')
if is_os_component is not None:
entry['is_os_component'] = bool(is_os_component)
# A link_date equal to 0 is removed from the entry rather than reported.
if entry.get('link_date') == 0:
entry.pop('link_date')
# Convert each field named in WIN8_TS_FIELDS with convert_wintime. The field is
# popped first and only written back when truthy, so a missing or zero
# timestamp ends up absent from the entry.
for ts_field_name in WIN8_TS_FIELDS:
ts = entry.pop(ts_field_name, None)
if ts:
entry[ts_field_name] = convert_wintime(ts, as_json=self.as_json)
# Store the normalised entry in the plugin's result list.
self.entries.append(entry)